Professional Documents
Culture Documents
Procedures
PRELIMINARY DRAFT
February 2018
This page intentionally left blank
Table of Contents
Table of Contents 1
Preface 3
Mandatory Procedures 3
Licensing of This Document 4
References 4
D
Technical Procedures 5
Commissioning a New Virtual Machine 5
Commissioning a New Server 6
Decommissioning a Virtual Machine 7
Decommissioning a Server 7
R
Password Policy 8
Programs and Services 10
Creating a New Foundation Program or Service 10
Discontinuing a Foundation Program or Service 11
A
Meetings 12
Proposing Items 12
Annual and Quarterly Meetings 12
Payments and Donations 13
FT
Donations 13
Unrelated Business Income 13
General Payments 13
Reimbursements 13
Improper Payments 14
Embezzlement 14
Unjust Enrichment 14
Code of Conduct 15
Deliberate Misgendering 15
Unsafe or Unfriendly Environment 15
Sexual Harassment 15
This page intentionally left blank
D
R
A
FT
2
Preface
This manual is designed to create a uniform set of operating procedures for the
Interlinked Foundation. The goals of this manual are:
Coordination between different people within the foundation is essential to the mission;
however, excessive regulation and bureaucracy is often counterproductive to agility.
Therefore, this manual aims to maintain a balance between order and freedom.
R
Some procedures outlined in this manual are optional, while others are mandatory.
Assume all procedures are optional unless otherwise noted, unless common sense
dictates otherwise. However, it is highly recommended to follow these procedures in any
case.
Uncertainty, unique situations not anticipated, and even self-contradictions are all
A
guaranteed to happen in life. Foundation business is no different. Let common sense be
your guide throughout. If you are ever uncertain what to do, consulting a board member
is the best course of action. If a board member is unavailable, or it's a minor detail,
simply do what you think is best. It is very rare someone will be penalised for doing what
made sense at the time, so long as it was not in malice.
FT
It is not intended that this book be read at once, although it is fully intended to be usable
in such a fashion. Rather, it has been designed as an occasional reference and aid.
Mandatory Procedures
All mandatory procedures apply to everyone equally, from the president to the volunteer.
It is a fundamental principle of the organisation that no one is above the rules. Many of
them are there for a very good reason, whether the law commands it, ethical obligations
demand it, or good corporate governance requires it.
That is not to say that mandatory procedures are beyond reproach; discussion of any
mandatory item is welcome.
3
Licensing of This Document
This manual is copyright of the Interlinked Foundation.
This work is licensed under a Creative Commons Attribution 4.0 International License.
The Interlinked Foundation retains all trademark rights to its name and logo. Derivatives
must not use these trademarks without express permission of the Interlinked
Foundation.
References
D
This document references:
4
Technical Procedures
As the Interlinked Foundation is predominantly an Internet-based organisation, the need
for technical procedures is paramount.
The foundation has a huge amount of servers and supporting infrastructure, more than
many people realise. The foundation operates an IRC network, XMPP server, Minecraft
server, and code forge, just to name a few things. Management and inventory of the
existing infrastructure is an ongoing challenge for the foundation. In addition, future-
proofing is needed to ensure the foundation can manage its infrastructure effectively as
D
it grows.
These procedures are designed to ensure it all works smoothly whilst keeping burdens
low.
The technical means for creation of the virtual machine and its configuration are outside
the scope of this document.
• Consult a board officer or the technical committee chair to determine if this virtual
machine is actually required; be prepared to offer justification
• Determine where the machine will be located and ensure it has the resources
required to host the virtual machine (disk space, RAM, etc.)
• Locate the host server's spreadsheet in the Servers folder of the documents repo
• Add an entry for the server, including any IP's you have used, and relevant
hostnames (if used)
5
• The name of the server should be related to its function, unless it is for internal
purposes
• Ask a board officer or technical committee chair to add the requisite DNS entry for
the relevant domain or subdomain, if necessary
• Give the credentials to a board officer for addition to password storage in Vault
The foundation does not presently possess rack space of its own, and therefore must
purchase dedicated servers from third-party providers for all physical servers.
• Consult a board officer or the technical committee chair to determine if this server
is truly required; be prepared to offer justification
• Large or expensive servers must be approved by the technical committee
• Selection of a provider should prefer existing providers, unless this server is for
FT
redundancy
• Consult with the treasurer for payments for the server
• If the server requires multiple IP's, ensure they are configured
• Ensure automatic payments are set up
• Create a spreadsheet for the server in Servers in the documents repo if it is a
physical host, otherwise add to the third-party virtual machine spreadsheet
• Note in the sheet the name of the server, any IP blocks, its function, and relevant
hostnames (if used)
• The name of the server should be related to its function, unless it is for internal
purposes
• Ask a board officer or technical committee chair to add the requisite DNS entry for
the relevant domain or subdomain, if necessary
• Give the credentials to a board officer for addition to password storage in Vault
6
Decommissioning a Virtual Machine
Note: When speaking of a virtual machine in this section, we speak of one
hosted on our own infrastructure.
Decommissioning a Server
Note: When speaking of a server in this section, we speak of a physical server
FT
or third-party virtual machine.
The technical means for decommissioning of the server is beyond the scope of this
document.
7
• Notify the treasurer the server is being decommissioned and payments for it will
cease, and notify the treasurer of any final payments due at this time
• If the server contains virtual machines, ensure they are migrated elsewhere before
attempting to move the server; make a note of each virtual machine requiring
migration, and migrate them one by one
• All data must be securely erased, if sensitive
• Settle all final bills for the server with the provider
• Remove the spreadsheet for the server in Servers in the documents repo if it is a
physical host, otherwise remove it from the third-party virtual machine spreadsheet
• Ask a board officer or technical committee chair to remove the requisite DNS entry
for the relevant domain or subdomain, if necessary
• Inform a board officer once destruction is complete, if not already done
D
Password Policy
Note: All of the outlined procedures are mandatory and are vital to the security of
foundation assets.
R
Passwords are stored in a program known as Vault. It encrypts credentials with a 3-part
key that requires no fewer than two board officers to unseal. Only board officers have
access to this vault.
Retention
A
Passwords are not to be retained by anyone (for example, saved in a browser's form
storage). The only place passwords should be permanently stored is in Vault, or in
secure correspondence to the authorised user.
Storing Passwords
FT
All usernames and passwords are to be stored in Vault without exception. The vault
must be resealed after passwords are stored.
Generating Passwords
All passwords must be randomly and securely generated, and no fewer than 16
characters in length. Mixed-case, numbers, and symbols are required. If a service
requires a less-secure password, make note of that to a board officer.
8
Retrieving Passwords
Passwords may be retrieved from the vault only with the agreement of two board
officers. Two will usually be around, so this is not a severe impediment. Please state
your reason for requiring the password.
D
R
A
FT
9
Programs and Services
The Interlinked Foundation's goal is to foster and create Internet communities that are
safe from harassment and discrimination (Bylaws Art. II and XIII). This goal is
accomplished through a variety of programs and services offered by the foundation.
When making any for-fee service, the foundation must be mindful of the IRS's unrelated
business income rules. All services offered by the foundation must meet these
R
guidelines to avoid excise taxes on this income. These guidelines are beyond the scope
of this document, but the IRS offers a short online course on what exactly constitutes
unrelated business income. Before proposing any for-fee service, please familiarise
yourself with these rules.
Procedure
The procedure for creating a new service is as follows:
• Make your proposal to the secretary for discussion at the next meeting
• The board will approve the proposal as a whole
• If approved, talk to the treasurer to arrange payment for the service, if any
• Follow the relevant procedures for creating servers
• Once set up, inform the board you have created the service
• If relevant, create any documentation for the service in the documents repo
10
• If you are managing the service, be prepared to create progress reports on the
service, including the size of the user base, and any problems encountered
If a service has ceased to provide public benefit, is causing unrelated business income
issues, or accomplish our mission, discontinuing the service is likely prudent.
Before discontinuing, see if spinning out the service is a possible way to save it. If
D
spinning out will save the service, an orderly transfer of assets (which will be handled on
a case-by-case basis) and liabilities out of the foundation is in order.
Procedure
The procedure for discontinuing a service is as follows:
FT
• Make your proposal to the secretary for discussion at the next meeting
• The board will approve the proposal as a whole
• If approved, talk to the treasurer for finalling bills and noting stopped payments
• Announce the decommissioning to the users of the service (if any), recommend
alternatives, and wait at least 30 days if possible
• Follow the relevant procedures for decommissioning servers, or transfer the assets
elsewhere as outlined in your plan
• If relevant, destroy or archive any documentation in the documents repo
• Set up any night-light pages outlining the service's discontinuation, if applicable
• Once discontinuation is complete, notify the board
11
Meetings
See also: Bylaws, Article IV, V, and VI
Meetings are how foundation business gets done formally, and how major decisions are
made. Decisions are generally made by the Board of Trustees, or relevant committees
(Bylaws Art. IV § 1, Bylaws Art VI).
When attending a meeting, it's a good idea to familiarise yourself with parliamentary
procedure.
D
Proposing Items
Anyone may propose items to the secretary in advance or propose items at a meeting
(Bylaws Art. III § 3, Bylaws Art. V § 3). It is preferable to notify the secretary in advance.
R
Annual and Quarterly Meetings
Quarterly and annual meetings are required by the foundation's bylaws (Bylaws Art. IV §
3). If a special meeting is to be held, the president of the board of trustees or any two
members may request it (Bylaws Art. IV § 4).
A
Notice must be given of all meetings, unless such notice is declined by the trustee
(Bylaws Art. IV § 5). The secretary must send notices to all members and members of
the Board of Trustees for each meeting (Bylaws Art. IV § 5). If you have not received
notice of any meeting, consult with the secretary.
All meetings must have a quorum of a simple majority present (Bylaws Art. IV § 6).
FT
12
Payments and Donations
Note: everything in this chapter is mandatory
The treasurer or authorised board officers are generally in charge of all payments
(Bylaws Art. V). Thus, all payments must be cleared through them.
Donations
D
It's the law: except for de minimis donations, donors must receive an acknowledgement
letter on corporate letterhead thanking them for their donation and the amount they
donated.
They cannot receive a deduction without this notice; if they get audited, they will need
this letter of acknowledgement.
R
If anything aside from de minimis items valued under $10 was given to the donor for this
donation (a quid pro quo transaction), it must be recorded in this letter; if nothing or a de
minimis item was given to the donor in exchange, "Nothing was received in exchange
for this contribution" or similar wording is required.
General Payments
All payments made by the foundation must be accounted for in the relevant Accounting
spreadsheet in the documents repo. Notify the treasurer of all payments made,
including recurring payments.
Reimbursements
If you have made a payment on behalf of the foundation, you are legally entitled to full
reimbursement. Consult the treasurer to be reimbursed.
13
Improper Payments
If an improper payment (a payment by mistake, or to the wrong party, or for an
excessive amount) has been made, consult the treasurer immediately. Keep all receipts
and relevant documentation for the payment, and explain how this occurred.
Embezzlement
Embezzlement is defined as "theft or misappropriation of funds placed in one's trust."
This is a serious crime that carries stiff legal penalties. If you suspect embezzlement of
D
foundation funds, notify a board officer immediately. Do not confront the suspected
embezzler yourself.
A board officer must confront the suspected embezzler and demand a reasonable
explanation for the missing funds; if none is forthcoming, and the funds are not returned,
law enforcement must be contacted. Retain any and all evidence of the embezzlement.
R
If embezzlement is proven, the board may vote to expel the member or officer.
Unjust Enrichment
The IRS defines the inurement (personal benefit) prohibition as "[forbidding] the use of
A
the income or assets of a tax-exempt organisation to directly or indirectly unduly benefit
an individual or other person that has a close relationship with the organisation or is
able to exercise significant control over the organisation." It is illegal to use foundation
funds to benefit yourself in any way, and against the organisation's bylaws (Bylaws Art.
II).
The foundation can not and will not give personal loans or credit to anyone under any
circumstances. The foundation's money is also not to be used for your personal
convenience.
14
Code of Conduct
The code of conduct is binding upon all members (Bylaws Art. XIII). Any violations in the
code of conduct must be reported to the president or vice president.
The board may impose sanctions upon any member found to be in violation of the code
of conduct.
Deliberate Misgendering
D
It is your right as a foundation member to have your pronouns and gender identity
respected at all times by other foundation members (Bylaws Art. III § 5, Art. XIII). If you
believe someone has misgendered you in malice, or repeatedly does so in a harassing
fashion, consult the vice president or president immediately.
Confrontation or fighting will not be tolerated. Leave your disputes at the door.
FT
If you have seen or you are the victim of any such behaviour, report it to the vice-
president or president.
Sexual Harassment
Note: Sexual harassment is a crime. Legal penalties are severe for sexual
harassment, and civil lawsuits are possible.
Respect the boundaries of others at all times. It's the right thing to do.
15
FT
A
16
R
D